Jakub Onderka
6d686011a0
Merge pull request #8831 from JakubOnderka/ui-fixes
...
Better UI
2024-01-08 17:33:51 +01:00
Jakub Onderka
8678da10d8
chg: [internal] Optimise reportValidationIssuesAttributes
2024-01-05 16:40:49 +01:00
Sami Mokaddem
71e78e6eb3
Merge branch 'feature/publication-blocking-same-user' into develop
2024-01-05 09:57:59 +01:00
iglocska
2ab819f3cb
chg: [analystdata wip]
2024-01-04 19:56:11 +01:00
Jakub Onderka
9c346e8282
fix: [internal] Code style
2024-01-04 17:59:23 +01:00
Jakub Onderka
c944c4ae3d
fix: [internal] Do not use deprecated method
2024-01-04 17:36:58 +01:00
Jakub Onderka
9ac760110c
fix: [internal] Remove unused variables
2024-01-04 17:33:26 +01:00
Jakub Onderka
edd6d3f157
Merge pull request #9473 from JakubOnderka/logging
...
chg: [internal] Do not log in audit log last_api_access
2024-01-04 16:38:02 +01:00
Jakub Onderka
b5fe0722eb
fix: [internal] Session destroy
2024-01-04 16:16:52 +01:00
Christian Studer
3b0490cfbf
Merge branch '2.4' of github.com:MISP/MISP into develop
2024-01-04 13:42:37 +01:00
Raphaël Vinot
0f268782cc
chg: [PyMISP] Bump version
2024-01-04 13:41:18 +01:00
Jakub Onderka
6b0fb4a638
chg: [internal] Refactor UserController::_postlogin
2024-01-04 12:20:38 +01:00
Jakub Onderka
9d81da4df2
fix: [internal] Fix view user login history
2024-01-04 11:24:36 +01:00
Sami Mokaddem
160d7442ff
Merge branch 'feature/analyst-notes' into notes
2024-01-04 11:20:04 +01:00
iglocska
e04c810ae3
new: [analystdata] wip
2024-01-04 10:12:47 +01:00
Jakub Onderka
54fa92be71
fix: [internal] Code style
2024-01-04 10:11:14 +01:00
Sami Mokaddem
3cf306bee5
fix: [events:getThreads] Removed fake unused function
2024-01-04 09:50:56 +01:00
Sami Mokaddem
f6abd75732
Merge remote-tracking branch 'mokaddem/feature/analyst-note-ui' into feature/analyst-notes
2024-01-04 09:49:05 +01:00
Stefano Ortolani
815f8f6f3c
fix: searching events by event_tags
2024-01-03 18:08:00 +00:00
Jakub Onderka
67b393ea7b
chg: [internal] Move field description to controller
2024-01-03 09:08:42 +01:00
Jakub Onderka
d6c0514644
fix: [internal] Undefined index sharing_group_id when uploading stix file
2024-01-03 09:08:42 +01:00
Jakub Onderka
af4644f534
fix: [internal] Code cleanup for IP logging
2023-12-29 09:59:10 +01:00
Jakub Onderka
786becad1a
chg: [internal] Code cleanup for user login profile
2023-12-22 22:52:02 +01:00
iglocska
f8632849c6
new: [garbage collection] added for temporary files
2023-12-22 15:50:20 +01:00
iglocska
c51d0a1adb
fix: [datasource] added to valid datasources list
2023-12-21 09:46:00 +01:00
iglocska
1cacb3abcc
new: [sg blueprint] encode as sync rule functionality added
2023-12-20 15:32:51 +01:00
Sami Mokaddem
8015f76c69
new: [analyst-notes:UI] Started UI for analyst notes - WiP
2023-12-20 14:36:45 +01:00
iglocska
8b4bb3b34a
chg: [addTag] functions changed to also work with uuids, rather than just local IDs
...
- as reported by @0x3c7
2023-12-19 12:25:17 +01:00
Sami Mokaddem
e900d37366
chg: [events:publish] Improved phrasing on the publication blocking if creator == publisher
2023-12-18 10:10:45 +01:00
Sami Mokaddem
fc135af841
new: [event:publication] Added new setting to block event publication if the user is the creator
...
Enabling this setting will change the behavior of MISP so that it will block the publication of an Event if the publisher is the same as the event creator.
2023-12-18 09:58:24 +01:00
Christian Studer
6a0f3f1b73
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-12-14 14:11:43 +01:00
Raphaël Vinot
5ce35df6ce
chg: [PyMISP] Bump
2023-12-14 12:54:31 +01:00
Christian Studer
6cdfa7b5f7
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-12-12 11:25:52 +01:00
Christian Studer
bdcfe06cf3
add: [upload_stix] Handling cluster distribution and sharing group for content imported from STIX 2.x
2023-12-12 10:57:57 +01:00
iglocska
92888b1376
fix: [security] new audit logs lack of ACL controls
...
- added proper ACL handling to the new audit logs
- as reported by fukusuket(Fukusuke Takahashi)
2023-12-12 10:04:28 +01:00
iglocska
5bed463416
chg: [logging] fail silently if logging entry can't be saved
...
- can happen when the log change is too large for example
- no need to roll back / break sync for example if a log entry is too large, just fail silently.
2023-12-07 15:17:58 +01:00
iglocska
c124df0e47
fix: [password reset] required current password for token based reset
2023-12-07 10:31:50 +01:00
iglocska
4215285443
fix: [Alert on suspicious logins] disabled by default
...
- requires logs table to be better indexed currently to not be a bottleneck (user_id and action fields)
- Will be made default in an upcoming version once the performance issues are resolved
2023-12-01 22:10:50 +01:00
Christophe Vandeplas
aac06b2831
fix: [userloginprofiles] undefined variable #9424
2023-12-01 09:03:29 +01:00
Christophe Vandeplas
0934ab6580
fix: [customauth] missing Class init fixes #9425
2023-12-01 08:35:34 +01:00
Christophe Vandeplas
7f9d7c9e44
fix: [login] fixes bad fix and catches first login after update
2023-11-30 11:16:42 +01:00
iglocska
56cd155367
Merge branch 'develop' into 2.4
2023-11-29 20:33:56 +01:00
iglocska
d63fbfaf87
new: [api] added X-MISP-AUTH as an alternative header to Authorization, fixes #9418
2023-11-29 19:59:43 +01:00
iglocska
ac8f507d55
fix: [user login profile] skip checks for ancient php versions
2023-11-29 12:16:14 +01:00
iglocska
b5437eda1d
fix: [RPZ] export custom parameters ignored, fixes #9420
2023-11-28 14:06:44 +01:00
Christophe Vandeplas
7e2cb89f97
Feature/user login profiles2 ( #9379 )
...
* new: [userloginprofiles] start over with previous code
* fix: [user_login_profiles] fixes catching up the backlog
* chg: [userloginprofile] email to org_admin for suspicious login
* chg: [userloginprofile] only inform new device
* chg: [userloginprofiles] view_login_history instead of view_auth_history
* chg: [userloginprofile] make login history visually better
* chg: [userloginprofile] inform admins of malicious report
* fix: [userloginprofile] cleanup
* fix: [userloginprofile] fixes Attribute include in Console
* fix: [userloginprofile] db schema and changes
* chg: [CI] log emails
* chg: [PyMISP] branch change
* chg: [test] test
* fix: [userloginprofile] unique rows
* fix: [userloginprofile] unique rows
* chg: [cleanup]
* Revert "chg: [PyMISP] branch change"
This reverts commit 3f6fb46fee.
* fix: [userloginprofile] fix workers with monolog=1.25 browcap=5.1
* fix: [db] dump schema version
* fix: [CI] newer php versions
* fix: [composer] php version
* fix: [php] revert to normal php7.4 tests
---------
Co-authored-by: iglocska <andras.iklody@gmail.com>
2023-11-24 13:47:59 +01:00
Raphaël Vinot
79e91820ef
chg: [PyMISP] Bump version
2023-11-23 13:47:57 +01:00
iglocska
431f5acd9b
Merge branch 'tmpfiletool' into develop
2023-11-23 12:17:47 +01:00
iglocska
dfe3b786a9
Merge branch 'nohooks' into develop
2023-11-23 09:18:57 +01:00
iglocska
b82093bfe3
fix: [login] action replaced with hard coded route to baseurl . /users/login
2023-11-23 09:14:01 +01:00
Marek Zpevacek
88ef1ac69c
Really proper place to import TmpFileTool
2023-11-21 12:53:00 +01:00
Marek Zpevacek
4644e825c1
Fix import of TmpFileTool in RestResponseComponent
2023-11-21 12:35:26 +01:00
iglocska
d015f9cae7
new: [WiP] edit refactor
2023-11-20 14:13:15 +01:00
Luciano Righetti
bc07446a82
fix: taxonomy view filter is not kept when switching pages, fixes #8875
2023-11-15 12:04:28 +01:00
iglocska
d744e6f3d5
new: [event edit] skip validation hooks on demand
...
- WiP for bulk ingestion of minor changes
2023-11-15 07:37:11 +01:00
Jakub Onderka
f40b3cb2cb
fix: [internal] ACL
2023-11-11 14:56:54 +01:00
Luciano Righetti
e1f99a2824
fix: api order not working because of dropped param/incorrect handling, related to #9359
2023-11-09 09:56:57 +01:00
Sami Mokaddem
9ffcae7155
fix: [sightings:view] Added missing entry in ACL Component
2023-11-07 15:17:54 +01:00
Sami Mokaddem
e83295ef35
new: [sightings:view] Added endpoint sightings/view to get sightings by ID or UUID
2023-11-07 15:16:39 +01:00
iglocska
9c5919f96e
new: [event report] fetch from url now detects other formats
...
- pdf, xlsx, pptx, ods, odt, docx extension documents are now imported via the given module
2023-11-02 14:41:06 +01:00
iglocska
075a68f187
Merge branch 'llm_tests' into develop
2023-10-31 15:04:27 +01:00
iglocska
511538c14a
fix: [internal] mactime template uuid fix and saveObject improvement
2023-10-31 15:02:26 +01:00
Sami Mokaddem
2253338b65
chg: [workflow:normalizeData] Gracefully catch exception and provide more feedback when supplying wrong input data
...
Fix #9344
2023-10-25 16:20:39 +02:00
Sami Mokaddem
8d01368bf7
fix: [events:view] Remove any tooltip upon closing the popover form
...
This will make @iglocska happy.
2023-10-25 15:39:25 +02:00
Sami Mokaddem
786ad2dde8
fix: [warninglist:crud] Nicer error message when trying to save no values
...
Fix #9179 thanks to @vincenzocaputo for the initial work!
2023-10-25 11:45:00 +02:00
Sami Mokaddem
fb1c6bb0bc
chg: [workflow] Jinja template rendering is done automatically based on param options
2023-10-25 10:52:59 +02:00
iglocska
a136c07562
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-10-24 22:31:01 +02:00
iglocska
f2ff8441e3
fix: [user search] in index, removed old style authkey as a valid search field
2023-10-24 19:56:31 +02:00
iglocska
db385f030f
fix: [user search] in index, removed old style authkey as a valid search field
2023-10-24 19:55:36 +02:00
Raphaël Vinot
8407961025
chg: [PyMISP] Bump version
2023-10-24 15:10:57 +02:00
Sami Mokaddem
c952fcad4b
fix: [objects:edit] Restored behavior of upgrading object to newer template
2023-10-24 09:26:41 +02:00
iglocska
d4256ad87a
fix: [llm test] should work nao
2023-10-18 16:45:50 +02:00
Sami Mokaddem
da3df61950
chg: [eventReport:sendToLLM] Stop debugging
2023-10-17 23:26:56 +02:00
Sami Mokaddem
3fd50f007a
new: [eventreport:sendToLLM] Added draft of feature
2023-10-17 21:53:51 +02:00
iglocska
94585b4dad
fix: [warninglists] default to matching types ALL if nothing is set
2023-10-17 21:10:12 +02:00
iglocska
00d22d29b1
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-10-05 17:05:59 +02:00
iglocska
a3c728674f
chg: [event restsearch] exposed includeGranularCorrelations
...
- and also made it visible in the JSON output
2023-10-05 17:05:22 +02:00
Jeroen Pinoy
f7c4d9345d
new: [RestClient] Add user totp_delete to query builder
2023-10-04 17:50:43 +02:00
Andras Iklody
b33720aa46
Merge pull request #9310 from tomking2/bug/attribute_sharinggroup_filter
...
Regression - Rest search with 'attributes' controller no longer filters by sharing group ID
2023-10-04 14:12:42 +02:00
Sami Mokaddem
182e7aa87f
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-10-04 13:17:26 +02:00
Sami Mokaddem
00c7a7169e
fix: [security] XSS in selectGalaxy
...
- As reported by Zigrin Security
2023-10-04 13:16:33 +02:00
Tom King
24ac6ae4b8
fix: [Attribute REST] Add sharinggroup as an allowed parameter for attribute filtering
2023-10-03 14:41:55 +01:00
iglocska
b6386674c4
Merge branch '2.4' into develop
2023-10-02 15:30:51 +02:00
iglocska
7bd64bc23f
fix: [search] pagination fix
2023-10-02 15:30:17 +02:00
Christian Studer
47526fa675
chg: [upload_stix] Properly getting the changes on the Galaxies handling option from the form
2023-09-28 13:12:56 +02:00
Christian Studer
35ea184c2d
chg: [upload_stix] Visual improvement with descriptions added
...
- More information on the different options to
handle galaxies and clusters while importing
STIX 2 content
- More information on the debugging options
2023-09-28 12:46:43 +02:00
Jeroen Pinoy
5b627c076a
fix: [AuthKeys] Allow users to edit own authkeys, fix #9292 ( #9293 )
2023-09-28 11:15:18 +02:00
Jeroen Pinoy
2f790c2f17
[users:totp] set correct rest response action for totp_delete ( #9303 )
2023-09-28 10:57:01 +02:00
iglocska
2c931c6058
fix: [API] filter parameters added
2023-09-24 19:29:43 +02:00
iglocska
e9c410687b
chg: [tests] make em happy with re-including a filter parameter that worked before, albeit unintentionally
2023-09-24 14:34:13 +02:00
iglocska
a316e9ff64
fix: [internal] invalid ; instead of ,
...
- Me not think good.
2023-09-24 09:21:32 +02:00
iglocska
83ffa8eb9f
fix: [restsearch] parameters fixed
2023-09-24 08:43:13 +02:00
Sami Mokaddem
28179ced9c
chg: [config:customAuth_header] Default to upper case.
...
- See $_SERVER make passed headers upper case
2023-09-22 11:43:02 +02:00
iglocska
664034b193
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-09-22 10:36:40 +02:00
iglocska
00b25a9f93
fix: [taxonomy] enable/disable creating junk taxonomies on invalid ID, fixes #9273
2023-09-22 10:36:08 +02:00
Sami Mokaddem
d339ffa792
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-09-22 10:18:46 +02:00
Sami Mokaddem
d04053d4b0
chg: [posts:crud] Prevent readonly users to create posts
2023-09-22 10:17:43 +02:00
Jeroen Pinoy
9e66f12a7f
fix: [RestSearch] allow filtering on eventinfo for events and attributes
2023-09-19 20:06:15 +02:00
Raphaël Vinot
ed381cae97
chg: [PyMISP] Bump
2023-09-15 10:37:04 +02:00
iglocska
ed96864894
new: [logs] add time based filter
2023-09-14 14:14:51 +02:00
iglocska
37ecf81b84
fix: [internal] improved parameter parsing
2023-09-14 12:55:17 +02:00
iglocska
22f68a2b15
Merge branch 'pw_change_time' into develop
2023-09-13 15:48:59 +02:00
Luciano Righetti
158c8b2f78
fix: properly filter out query parameters
2023-09-13 08:18:15 +02:00
Jeroen Pinoy
7ce06cad9f
new: [Users] add last password change timestamp for users
2023-08-29 13:47:24 +02:00
Luciano Righetti
b99bfef287
Merge pull request #9266 from Wachizungu/fix-indexfilter-massage
...
fix: [CRUD-IndexFilter] correct index page filtering for REST request…
2023-08-24 14:20:09 +02:00
Luciano Righetti
2cc0a08628
Merge pull request #9259 from TomOgs/ServerEditIssue
...
fix: check for existence of push_rules in /server/edit requests before parsing JSON
2023-08-24 14:19:48 +02:00
Jeroen Pinoy
1883366490
fix: [CRUD-IndexFilter] correct index page filtering for REST requests. fix #9265
2023-08-24 13:49:24 +02:00
Luciano Righetti
7c3914a4be
fix: event audit log pagination bug, fixes #9245
2023-08-24 11:58:28 +02:00
Raphaël Vinot
6ac212311d
chg: [PyMISP] Bump
2023-08-23 14:01:02 +02:00
TomOgs
0e89fd0124
fix: prevent push_rules from being required in API requests to /server/edit endpoint
2023-08-22 21:04:37 +08:00
Sami Mokaddem
60468554a8
Merge remote-tracking branch 'origin/2.4' into develop
2023-08-11 10:57:38 +02:00
Luciano Righetti
09fb0cba65
fix: [security] reflected xss on dashboard edit
2023-08-11 09:53:21 +02:00
Alexandre Dulaunoy
e88785ea30
Merge pull request #9225 from Wachizungu/fix-galaxy-view-galaxy-clusters-search
...
fix: [Galaxies] fix galaxy view, galaxy clusters index search. fix #9224
2023-08-09 16:38:34 +02:00
Alexandre Dulaunoy
e678419365
Merge pull request #9233 from righel/fix-8875
...
Fix /taxonomies/view string filter
2023-08-09 16:26:17 +02:00
Sami Mokaddem
2f0bd270c1
Merge remote-tracking branch 'origin/2.4' into develop
2023-08-09 15:20:17 +02:00
Sami Mokaddem
664504f7f6
new: [user:periodicReporting] Allow setting the number of days to look back (UI only)
2023-08-09 15:19:58 +02:00
Sami Mokaddem
3c097f8202
fix: [dashboard:csvExport] Quote elements and correctly apply line break
2023-08-09 14:56:24 +02:00
Sami Mokaddem
51a1441a4a
chg: [dashboard:exportcsv] Small refactoring
2023-08-09 10:24:34 +02:00
Sami Mokaddem
9faf497749
Merge remote-tracking branch 'origin/2.4' into develop
2023-08-07 14:32:52 +02:00
Sami Mokaddem
123b1d07c2
new: [dashboard:export] Added CSV export functionality
2023-08-07 14:32:21 +02:00
Luciano Righetti
ccb409d4b6
fix: not supported
2023-08-03 15:56:54 +02:00
Luciano Righetti
c4b339fe65
fix: /taxonomies/view filter fixes #8875
2023-08-03 15:52:56 +02:00
Luciano Righetti
1461fea281
Merge branch 'develop' into allow-enrich-objects
2023-08-01 09:48:44 +02:00
Jeroen Pinoy
802542ef39
fix: [Galaxies] fix galaxy view, galaxy clusters search. fix #9224
2023-07-31 16:36:47 +02:00
Raphaël Vinot
f22c82e87a
chg: [PyMISP] Bump.
2023-07-31 12:08:29 +02:00
Sami Mokaddem
967d01b4a1
Merge branch 'develop' of github.com:MISP/MISP into feature_workflows/enrichment-improvements
2023-07-31 09:41:47 +02:00
Luciano Righetti
7c28cee942
fix: revert loginAction override
2023-07-28 15:29:46 +02:00
iglocska
4ad70965b5
fix: [totp] generate a new totp secret each time the totp_new endpoint is queried via a GET request, fixes #9220
2023-07-28 13:10:19 +02:00
Sami Mokaddem
26779f7753
chg: Bumped queryVersion
2023-07-28 10:42:38 +02:00
Luciano Righetti
a84de1f444
Merge pull request #9211 from righel/fix-attr-search-pagination-9157
...
fix: light pagination bug in /attributes/search/results see #9157
2023-07-26 09:42:58 +02:00
Luciano Righetti
a3b07ff49f
fix: light pagination bug in /attributes/search/results see #9157
2023-07-26 09:38:58 +02:00
iglocska
015c5a4b94
Merge branch 'loginAction' into develop
2023-07-24 23:29:26 +02:00
iglocska
47ba11e246
fix: [proposal] index should also include the "deleted" field
2023-07-24 00:52:44 +02:00
iglocska
786f46edb4
fix: [proposal] proposal index fix as described 2 commits ago
2023-07-24 00:50:29 +02:00
iglocska
a0f6c4e45a
fix: [proposal accept] fixed for deletions
...
- soft delete rather than hard delete or the propagation will fail
2023-07-24 00:19:24 +02:00
iglocska
b89871978f
Merge branch 'sighting_push_fix' into develop
2023-07-24 00:10:13 +02:00
iglocska
b3180624bb
fix: [sightings] only pushed via full push to avoid congestion
...
- the old behaviour can be re-enabled via Sightings.enable_realtime_publish
- massive performance gain on heavily interconnected instances
2023-07-24 00:08:53 +02:00
Christian Studer
edb13cfd02
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-07-21 16:35:05 +02:00
Mathieu Rollet
9e15f352d0
explicitly set loginAction with baseurl
2023-07-17 16:14:49 +02:00
iglocska
65bb3ef6eb
fix: [security] otp reset otp_secret on logout
...
- changing users within the same session can otherwise lead to the creation of the same otp seed for multiple users
2023-07-17 01:15:34 +02:00
Andras Iklody
64ef573bfd
fix: [acl] sighting restsearch should be open to all, fixes #9116
2023-07-13 20:35:22 +02:00
Luciano Righetti
2c661b565f
new: allow user to enrich objects
2023-07-11 16:36:20 +02:00
Raphaël Vinot
fccbc08185
chg: [PyMISP] Bump version
2023-07-10 16:19:05 +02:00
iglocska
be28fdf53c
fix: [pw reset] fix (pass the token for deletion)
2023-07-10 16:08:07 +02:00
iglocska
71fdd9ac20
fix: [forgotten password] fixed
2023-07-10 16:02:34 +02:00
iglocska
68cb56037f
fix: [password reset] various issues
2023-07-10 15:58:28 +02:00
iglocska
b121af4c13
Merge branch 'develop' of github.com:MISP/MISP into develop
2023-07-10 15:34:16 +02:00
iglocska
8ff6dc2ea1
new: [forgotten password] optional feature added
2023-07-10 15:30:28 +02:00
iglocska
df3b8446b3
Merge branch '2.4' into develop
2023-06-29 12:39:45 +02:00
iglocska
26ad0ef607
fix: [customauth] Don't renew the session with each query
...
- Leave the session handling to the normal life-cycle management
- should solve the issues where CSRF keeps kicking users off
2023-06-29 12:38:29 +02:00
Luciano Righetti
f125630c1c
fix: properly handle different cert file extensions in server sync. #9084
2023-06-28 09:42:12 +02:00
iglocska
0545d448f9
Merge branch '2.4' of github.com:MISP/MISP into 2.4
2023-06-26 18:17:18 +02:00
iglocska
404c71ade6
new: [dashboard widget] added functionalities to download widget raw data
...
- download the JSON passed to the front-end of a widget on-demand
2023-06-26 18:16:31 +02:00
iglocska
640e6ef0b5
new: [dashboard widget] added download parameter to the widget system
2023-06-26 18:15:17 +02:00
Stefano Ortolani
98dd4286ea
Fix search galaxy clusters
2023-06-24 12:54:09 +01:00
iglocska
3bf85ea29f
chg: [TOTP] set name
2023-06-21 14:52:53 +02:00
iglocska
7853cf70c2
fix: [UI] index searches will handle spaces correctly
2023-06-14 18:39:06 +02:00
Raphaël Vinot
6a1963930b
chg: [PyMISP] Bump
2023-06-08 15:14:58 +02:00
iglocska
15d5b58769
fix: [acl] added missing entries
2023-06-08 14:23:14 +02:00
iglocska
de9ac9588a
fix: [capitalisation] fail
2023-06-08 13:15:34 +02:00
iglocska
a41a438290
fix: [acl] fixed for taxii servers
2023-06-08 10:50:31 +02:00
iglocska
a752d29e03
new: [taxii preview] Browse a taxii server and view the data it contains
...
- browse collections
- browse contents of the individual collections and paginate through the data
2023-06-07 14:31:58 +02:00
Christophe Vandeplas
27ece6afba
fix: [AuthKeys] improve readability of add ACL
2023-06-04 09:25:19 +02:00
Christophe Vandeplas
d056b8dceb
fix: [AuthKey] Cleanup AuthKey permissions fixes #9121
2023-06-04 09:14:11 +02:00
Christophe Vandeplas
132afb7321
fix: [Users] fixes column not found Role.perm_site_admin
2023-06-04 08:18:52 +02:00
Christophe Vandeplas
b2bb4f817b
fix: [security] Org admins cannot delete site admin accounts see #9121
2023-06-04 07:01:29 +02:00
iglocska
8d596784e3
fix: [privileges] only site admins can remove totp for a user
...
- leads to potential privilege check circumvention otherwise (org admin deleting site admin's totp key)
- also, removal should be a nuclear option
2023-05-31 15:12:54 +02:00
iglocska
3097dc106e
fix: [totp field check] causes exception if update is not executed yet and the field isn't added
...
- without the login the update doesn't execute - chicken & egg issue
2023-05-31 15:11:51 +02:00
Christophe Vandeplas
cb74ad507f
chg: [security] OTP support for HOTP
2023-05-25 23:28:14 +02:00
Christophe Vandeplas
afbb9fab95
chg: [security] TOTP anti-bruteforce support
2023-05-25 21:12:07 +02:00
Christophe Vandeplas
6311f7d3e6
Merge branch 'develop' into feature/totp
2023-05-25 20:53:06 +02:00
Jakub Onderka
3acccf9875
Merge pull request #8830 from JakubOnderka/access-log-enhancement
...
Access log enhancement
2023-05-24 13:38:06 +02:00
Jakub Onderka
2e753abea1
chg: [internal] Use less memory when encoding big JSON responses
2023-05-24 09:56:43 +02:00
Jakub Onderka
44738e4382
chg: [UI] Show user agent in title in access log
2023-05-24 09:56:43 +02:00
Jakub Onderka
90d7d66ee6
Merge pull request #8906 from JakubOnderka/fix-missing-user-id
...
fix: [internal] Missing user_id field for event when editing shadow attribute
2023-05-24 09:55:24 +02:00
Jakub Onderka
b9902618eb
Merge pull request #8909 from JakubOnderka/fix-notice
...
fix: [internal] Undefined index for invalid request
2023-05-24 09:53:50 +02:00
iglocska
7a3b8617eb
Merge branch '2.4' into develop
2023-05-23 10:48:09 +02:00
iglocska
a94777231b
fix: [templates controller] remove CSRF protection from the rearranging
...
- worst case an attacker messes with the order of a template's fields via CSRF, don't think anyone will ever care
- removes the annoying blackholing for the drag and drop
2023-05-23 10:46:54 +02:00
Christophe Vandeplas
a5f5a4e113
chg: [user] log last_api_access hourly if MISP.store_api_access_time is not set
2023-05-21 20:12:44 +02:00
Christophe Vandeplas
acb258cc52
chg: [security] User index inactive user filter
2023-05-21 19:29:56 +02:00
Christophe Vandeplas
c5483cf4b5
fix: [cleanup] removes some TODO messages #103
2023-05-21 10:09:05 +02:00
Christophe Vandeplas
dbf827f536
fix: [feeds] fix missing variable for view
2023-05-21 08:49:33 +02:00
Christophe Vandeplas
e90083020f
chg: [security] Require TOTP and QR code lib for TOTP secret creation
2023-05-20 10:26:45 +02:00
Christophe Vandeplas
8e370fa6f0
chg: [security] TOTP event logging
2023-05-20 10:13:56 +02:00
Christophe Vandeplas
dac7aaf7d6
chg: [security] Disallow creation of TOTP token if LinOTP is enabled
2023-05-20 09:20:36 +02:00
Christophe Vandeplas
81db5958d9
chg: [security] Allow enforcement of TOTP
2023-05-20 08:56:40 +02:00
Christophe Vandeplas
856a9e4b4c
chg: [security] admins can delete user TOTP
2023-05-20 08:05:48 +02:00
Christophe Vandeplas
61573392ea
chg: [security] allow creation of TOTP token
2023-05-19 20:56:52 +02:00
Christophe Vandeplas
6caccac94d
new: [security] TOTP authentication
2023-05-19 06:57:16 +02:00
Jakub Onderka
2f1d56509c
chg: [internal] Code cleanup for galaxy import
2023-05-17 13:56:17 +02:00
iglocska
9f5e49995a
Merge branch 'new_widgets' into develop
2023-05-16 14:12:59 +02:00
iglocska
712321eb81
new: [dashboard templates] show which modules will be visible to the given user
2023-05-16 14:04:32 +02:00
iglocska
a60202d9d1
fix: [junk removed] removed accidentally inserted characters
...
- fell asleep on the keyboard?
2023-05-16 13:41:44 +02:00
iglocska
9e763ba0e5
new: [auth] log api key usage in redis
...
- lightweight per day slice of api key use
- built as a ranked set in redis for the dashboards
2023-05-16 13:39:31 +02:00
Raphaël Vinot
1d53868c99
chg: [PyMISP] Bump version
2023-05-12 00:10:36 +02:00
Sami Mokaddem
a2719e3c82
chg: [appController] Bumped queryVersion
2023-05-04 09:13:01 +02:00
Sami Mokaddem
8507fc5d6b
Merge branch 'feature-workflow-filtering-modules' into develop
2023-05-04 09:12:19 +02:00
Jakub Onderka
9e4c67b900
fix: [internal] Warning when searchvalue is not defined
2023-05-03 18:15:40 +02:00
Sami Mokaddem
dc9a1489e1
Merge branch 'develop' of github.com:MISP/MISP into feature-workflow-filtering-modules
2023-05-03 14:57:04 +02:00
Sami Mokaddem
a548fbc8a9
chg: [workflow] Updated filter add/reset and added support + fixed bunch of bugs
...
Also added raw (patched) drawflow library source code
2023-05-03 14:56:38 +02:00